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DETAILED ACTION 

Continued Examination Under 37 CFR 1.114 

A request for continued examination under 37 CFR 1.1 14, including the fee set forth in 
37 CFR 1 .17(e), was filed in this application after final rejection. Since this application is 
eligible for continued examination under 37 CFR 1.1 14, and the fee set forth in 37 CFR 1.17(e) 
has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 
37 CFR 1.1 14. Applicant's submission filed on 17 December 2008 has been entered. 



Response to Amendment 

The amendment filed 1 December 2008 has been entered. Claims 1, 11, 13-16, and 20- 
22 are pending. Claims 1 and 15 are currently amended. No claims are new. Claims 2-10, 12, 
17-19, and 23-45 are cancelled. This action is NON-FINAL. 



Claim Objections 

As per claim 15, there should be a comma after the phrase "an author of the unrestricted 
portion" in the step of "collecting." 



Claim Rejections - 35 USC § 112, Second Paragraph 

The following is a quotation of the second paragraph of 35 U.S.C. 1 12: 

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the 
subject matter which the applicant regards as his invention. 
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Claiml is rejected under 35 U.S.C. 1 12, second paragraph, as being indefinite for failing 
to particularly point out and distinctly claim the subject matter which applicant regards as the 
invention. 

Claim 1 is indefinite because the steps of "receiving," "interrogating," and "collecting" 
are unclear. The step of "collecting the content object. . . responsive to the request" implies that 
the method receives a request for a content object and interrogates a plurality of content sources 
to retrieve the content object. That is what the specification describes, but limitations from the 
specification are not read into the claims. Thus, it is unclear from where the "content object. . . 
responsive to the request" is coming and how the steps of "receiving" and "interrogating" are 
related to the rest of the steps. 

Further, the claim is indefinite because the method interrogates a plurality of content 
sources (presumably to retrieve a content object) but then collects the content object from the 
federated repository. It is unclear why the method interrogates a plurality of content sources but 
collects the content object from the federated repository. From the specification, it appears that 
the "federated content repository" comprises the "plurality of content sources." Limitations from 
the specification are not read into the claims, however. 



Claim Rejections - 35 USC § 101 

35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful 
improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. 



Claims 15-16 and 20-22 rejected under 35 U.S.C. 101 because the claimed invention is 



directed to non- statutory subject matter. 
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The process of claims 15-16 and 20-22 is not statutory because abstract ideas alone are 
not patentable. To be patentable, a process must have a practical application and (1) be tied to a 
particular machine or (2) transform a particular article into a different state. In re Comiskey, 499 
F.3d 1365, 1376-77 (Fed. Cir. 2007); In re Bilski, _ F.3d _ (Fed. Cir. 2008). 

An algorithm that is only useful in connection with a computer is still not "tied" to a 
machine. Gottschalk v. Benson, 409 U.S. 63, 64, 71-72 (A method of converting binary-coded 
decimal numerals into pure binary numerals was "not limited to any particular art or technology, 
to any particular apparatus or machinery, or to any particular end use" and would "wholly 
preempt the mathematical formula and in practical effect would be a patent on the algorithm 
itself). Rather, a claim reciting an algorithm is statutory only if, as employed in the process, "it 
is embodied in, operates on, transforms, or otherwise involves another class of statutory subject 
matter, i.e., a machine, manufacture, or composition of matter." In re Comiskey, 499 F.3d at 
1376. 

Here, the method preempts an abstract idea because it could be performed by a human 
entirely on paper. The limitation "collecting a content object responsive to a request by a 
collection function on a server" does not sufficiently tie the method to a particular machine 
because the "collection function" does not perform any method steps; rather, it requests that 
whatever is performing the method (e.g. a human) do something. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 



Application/Control Number: 1 0/709,75 1 Page 5 

Art Unit: 2168 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

Claims 1,11, and 13-14 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Bohrer et al, U.S. 2003/0088520 ("Bohrer"), in view of Kohane et al, U.S. 2004/0199765 
("Kohane"). 

1 . Bohrer teaches "A method for managing privacy preferences or access to restricted 
information, comprising,'" see par. 1, "methods, systems and business methods to enforce privacy 
preferences on exchanges of personal data across a network." 

Bohrer teaches "tagging restricted or personal information in a content object to 
distinguish the restricted or personal information from an unrestricted portion of the object 
content" see Fig. 2 and par. 45, "The Authorization Dataset in a rule contains the data items that 
can be released according to the rule. Each authorization data set can be either a View Level 
205 . . . Moreover, a data subject can categorize his/her personal data into multiple View Levels 
(layers) so that the data in each View Level have the same privacy preference, access and 
authorization constraints, whereas data in different View Levels have different constraints" 
where the claimed "content object" is the referenced "authorization rule 201" and the claimed 
"tagging restricted or personal information" is the referenced user categorization of personal data 
into "View Levels." 

Bohrer teaches "storing the content object in a federated content repository" see par. 17, 
"it allows a data subject to express complex policies on a large set of personal data in a way that 
is applicable regardless of the specific representation and data model used by enterprises that 
store that data." 
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Bohrer teaches "storing the personal identification information of the author in a 
separate storage device from the federated content repository '," see Fig. 1 and par. 33, "To 
facilitate the requests from a Data Subject to setup data profiles and privacy policies. . . The 
profiles are stored in a Profile Database 123 while the policies are stored in a Policy Database 
124." 

Bohrer teaches "receiving a request by a collection function on a server" see par. 32, "a 
Data Requester 105 can use a web browser 106 or some other computer programs 107 to send 
requests for data." 

Bohrer teaches "interrogating a plurality of content sources remote from the server by 
the collection function to satisfy the request" see par. 35, "The Profile Responder 116 receives 
requests for profile information. . . and uses the Policy authorization engine to check the 
authorization and privacy policies." 

Bohrer teaches "collecting the content object from the federated content repository in 
response to the content object being responsive to the request" see par. 16, "The data is released 
only if the privacy declaration of the requester matches the constraints imposed by the data 
subject via its privacy preferences." 

Bohrer teaches "distributing the content object to a privacy function on the server" see 
par. 30, "This embodiment supports the enforcement of privacy preferences in data exchanges 
according to authorization checks based on the privacy preferences specified by a data subject 
with the privacy policies of a data requester" where the referenced "authorization checks" are the 
claimed "privacy functions." 
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Bohrer teaches "comparing the privacy preferences or other restriction preferences of the 
author of the content object to policies of a content provider by a compare function of the 
privacy function," see Fig. 5 and par. 82, "For each data item name in the query and in the 
request item list, the Policy Authorization Engine retrieves any privacy preferences from the 
authorization rules. It then performs the Policy-Preference matching process (see FIG. 6) for 
each data item" and par. 5, "the products listed here focus on allowing a complex privacy policy 
to be represented and checked against either a web site's privacy policy or a data requester's 
privacy policy" where the claimed "content provider" is the referenced "web site's privacy 
policy or a data requester's privacy policy." 

Bohrer teaches "and distributing the content object based on the privacy preferences or 
other restriction preferences" see Fig. 4b and par. 81, "A data response is. . . the subset of 
specific data items which were requested and authorized, along with associated privacy 
declarations representing the data subject's privacy preferences." 

Bohrer does not teach "defining the content object to include the unrestricted portion of 
the object content in a mark-up language and a link to the restricted or personal information... 
and wherein the restricted information comprises personal identification information of the 
author." Kohane does, however, see Figs. 3-4, par. 37, "A record is an integrated collection of 
information concerning a particular individual or entity. That particular individual (or entity) is 
the record owner. The creator of the record, hereafter called the record author, can be the record 
owner," pars. 40, "the information about the record owner in the record is embodied in record 
objects," par. 67, "The Data section 68 can contain zero or more record objects, denoted by 
'(Record-object*)' and includes two attributes, 'type' and 'URL.' In one embodiment, the data 
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section 68 either includes the record data internally or references an external location from which 
the data can be obtained," and par. 103, "For example, the record owner can place personal 
identification information within one record object," where the claimed "content object" is the 
referenced "record," the claimed "unrestricted portion" is the referenced internal "record data," 
the claimed "link" is the referenced reference to "an external location," and the claimed 
"restricted information" is the referenced "information about the record owner." While Kohane 
does not explicitly teach "wherein the content object comprises one of a white paper, a case 
study, a press release, and an article by an author, wherein the unrestricted portion of the 
content object includes a title, an abstract, and a description" it would be obvious for the record 
to contain at least a white paper since they are generally confidential, see par. 37, "In other 
embodiments, the record can include other types of personal or confidential information, such as 
financial data, legal data, etc." Thus, it would have been obvious to one of ordinary skill in the 
database art at the time of the invention to combine the teachings of the cited references because 
Kohane 's teachings would have allowed Bohrer's method to give a third party access to the 
record without revealing the identity of the author, see par. 102. 

Bohrer does not explicitly teach "parsing the content object by the privacy function to 
provide access to the privacy preferences or other restriction preferences of the author of the 
content object in response to the content object being collected to satisfy the request." Kohane 
does, however, see par. 103, "Consequently, when the research institution accesses the record of 
the record owner, the gateway server system 22 parses through the associated directory file and 
skips over those record objects for which the research institution is unauthorized" and par. 83, 
"The gateway server system 22 parses (step 104) through the directory file to determine those 
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record objects that the accessing agent can manipulate according to the specified record 
operation." Thus, it would have been obvious to one of ordinary skill in the database art at the 
time of the invention to combine the teachings of the cited references because Kohane's 
teachings would have allowed Bohrer's method to give a third party access to the record without 
revealing the identity of the author, see par. 102. Bohrer does teach "wherein the privacy 
preferences or other restriction preferences are remote from the server and are accessed by the 
link,'" see Fig. 1 and par. 32, "Similarly, a Data Requester 105 can use a web browser 106 or 
some other computer programs 107 to send requests for data 109 as well as receive replies 1 10 to 
that request along with any returned data." 

1 1 . Bohrer teaches "The method of claim 1, further comprising locating or accessing 
privacy preferences or other restriction preferences using another link" see Fig. 1 and par. 32, 
"Similarly, a Data Requester 105 can use a web browser 106 or some other computer programs 
107 to send requests for data 109 as well as receive replies 1 10 to that request along with any 
returned data." 

13. Bohrer teaches "The method of claim I, further comprising distributing the content 
object to a requester without any modification to the content object in response to the privacy 
preferences or other restriction preferences of the author or owner of the content object being 
consistent with the content provider's policies," see par. 17, "an independent third party acting as 
a data-subject's personal data service and providing various services including. . . matching 
privacy policies, gathering data from third parties and releasing and/or authorizing release of data 
to data requesters." 
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14. Bohrer teaches "The method of claim I, further comprising: deleting or replacing the 
restricted or personal information with default or generic information in response to the privacy 
preferences or other restriction preferences of the author or owner of the content object being 
inconsistent with the content provider's policies? see par. 81, "A data response is either a denial, 
if the request cannot be fulfilled, or the subset of specific data items which were requested and 
authorized" and Fig. 5 where, see par. 82, "If the result is deny, then the data item is not included 
in the list of data items to be returned in the response 511" where the claimed "deleting" is the 
referenced data "not included" in the response. 

Bohrer teaches "repackaging the content object in response to deleting or replacing the 
restricted or personal information? see Fig. 5 and par. 82, "When the entire request list has been 
processed, the data to be returned is gathered 516." 

Bohrer teaches "and distributing the repacked content object to a requester without the 
restricted or personal information which has been deleted ore replaced by the default or generic 
information? see Fig. 5 and par. 82, "the response structure is constructed and returned to the 
requester by the Profile Responder 517." 

Claims 15-16 and 20-22 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Bohrer et al, U.S. 2003/0088520 ("Bohrer"), in view of Fahlman et al, U.S. 5,960,080 
("Fahlman"), and further in view of Kohane et al., U.S. 2004/0199765 ("Kohane"). 

15. Bohrer teaches "A method for managing privacy or access to restricted information, 
comprising? see par. 1, "methods, systems and business methods to enforce privacy preferences 
on exchanges of personal data across a network." 
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Bohrer teaches "collecting a content object responsive to a request by a collection 
function on a server" see Fig. 5 and par. 82, "If authentication succeeds, then the data request is 
passed to the Policy Authorization Engine which retrieves all Authorization Rules of the data 
subject specified in the request 503." Bohrer does not teach "wherein the content object includes 
an unrestricted portion and a link to restricted personal identification information of an author 
of the unrestricted portion.'" Kohane does, however, see Figs. 3-4, par. 37, "A record is an 
integrated collection of information concerning a particular individual or entity. That particular 
individual (or entity) is the record owner. The creator of the record, hereafter called the record 
author, can be the record owner," pars. 40, "the information about the record owner in the record 
is embodied in record objects," par. 67, "The Data section 68 can contain zero or more record 
objects, denoted by '(Record-object*)' and includes two attributes, 'type' and 'URL.' In one 
embodiment, the data section 68 either includes the record data internally or references an 
external location from which the data can be obtained," and par. 103, "For example, the record 
owner can place personal identification information within one record object," where the claimed 
"content object" is the referenced "record," the claimed "unrestricted portion" is the referenced 
internal "record data," the claimed "link" is the referenced reference to "an external location," 
and the claimed "restricted. . . information" is the referenced "information about the record 
owner." Bohrer also does not teach "wherein the content object is stored in a federated content 
repository and the restricted personal identification information of the author of the unrestricted 
portion of the content object is stored in a separate storage device from the federated content 
repository." Kohane, does, however, see Fig. 1, par. 32, "In one embodiment, the agent system 
26 is a computer system that is in communication with one or more legacy data systems 34a and 
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34b (collectively 34) over a network 30. For example, the legacy data systems 34 can be 
databases containing confidential records maintained by independent institutions such as 
hospitals, financial, and legal institutions," and par. 39, "When the record owner initially 
connects to the gateway server system 22 (using the agent system 14, 18, or 26), the record 
owner can control the server 18 upon which the record is stored as an XML directory file," 
where the claimed "server" is the referenced "server system 22," the claimed "federated content 
repository" is the referenced "server 18," and the claimed "separate storage device" is the 
referenced "legacy data systems 34a and 34b." Thus, it would have been obvious to one of 
ordinary skill in the database art at the time of the invention to combine the teachings of the cited 
references because Kohane's teachings would have allowed Bohrer's method to gain access to 
confidential records over a network, see par. 5. 

Bohrer teaches "accessing privacy preferences or other restriction preferences of the 
author of the unrestricted portion of the content object, wherein the privacy preferences or other 
restriction preferences are remote from the server" see Fig. 5 and par. 82, "the Policy 
Authorization Engine next compares the privacy declarations in the request with the Privacy 
Preference Rules in the authorization rules for each profile data item name in the request item 
506." 

Bohrer teaches "comparing the privacy preferences or other restriction preferences of the 
author of the unrestricted portion of the content object to a content provider 's policies" see Fig. 
5 and par. 82, "For each data item name in the query and in the request item list, the Policy 
Authorization Engine retrieves any privacy preferences from the authorization rules. It then 
performs the Policy-Preference matching process (see FIG. 6) for each data item" and par. 5, 



Application/Control Number: 1 0/709,75 1 Page 1 3 

Art Unit: 2168 

"the products listed here focus on allowing a complex privacy policy to be represented and 
checked against either a web site's privacy policy or a data requester's privacy policy" where the 
claimed "content provider" is the referenced "web site's privacy policy or a data requester's 
privacy policy." 

Bohrer teaches "[deleting] private or restricted information... in response to the privacy 
preferences or other restriction preferences being inconsistent with the content provider's 
policies, wherein the content provider collects the content object and has access to the private or 
restricted information? see Figs. 4-5, 7, par. 81, "A data response is either a denial, if the request 
cannot be fulfilled, or the subset of specific data items which were requested and authorized," 
par. 82, "If the result is deny, then the data item is not included in the list of data items to be 
returned in the response 511" and par. 88, "FIG. 7 is a flow diagram of a routine that enables a 
gather and filtering process carried out to collect data to be returned to a data requester," where 
the claimed "deleting" is the referenced data "not included" in the response. Bohrer does not 
teach "replacing private or restricted information with default or generic information." Fahlman 
does, however, see Fig. 1 and col. 3, lines 48-53, "In step 105, the identified sensitive terms are 
replaced with standard tokens. For example, the sensitive term 'Mr. Johnson' is replaced by the 
standard token <person-l>, and the term 'Jul. 1, 1997' is replaced by <date-l>." Thus, it would 
have been obvious to one of ordinary skill in the database art at the time of the invention to 
combine the teachings of the cited references because Fahlman's teachings would have allowed 
Bohrer' s method to grant access to an untrusted source without compromising confidentiality, 
see col. 1, line 66 - col. 2, line 3. 
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Bohrer teaches "repackaging the content object in response to replacing the private or 
restricted information," see Fig. 5 and par. 82, "When the entire request list has been processed, 
the data to be returned is gathered 516." 

Bohrer teaches "and distributing the repackaged content object to a requester without the 
private or restricted information" see Fig. 5 and par. 82, "the response structure is constructed 
and returned to the requester by the Profile Responder 517." 

16. Bohrer teaches "The method of claim 15, further comprising distributing the content 
object as originally constituted in response to the privacy preferences or other restriction 
preferences being consistent with the content provider's policies" see par. 33, "To facilitate the 
requests. . . for data from Data Requesters, the system must provide several different 
functionalities, including the ability to. . . authorize release of data based on authorization rules 
and privacy policy matching and release data." 

20. Bohrer teaches "The method of claim 15, further comprising distributing any content 
object in response to the request to a privacy function" see par. 30, "This embodiment supports 
the enforcement of privacy preferences in data exchanges according to authorization checks 
based on the privacy preferences specified by a data subject with the privacy policies of a data 
requester' where the 'authorization checks' are considered 'privacy functions.'" 

21. Bohrer teaches "The method of claim 20, further comprising parsing the content 
object to provide access to privacy preferences or other restriction preferences" see par. 44, "In 
other words, an Authorization Rule declares that for a specified Authorization Dataset, the 
specified Privacy Preference Rule is applied for the specified Access List to determine an 
Authorization Action" and par. 46, "The Access List in a rule declares who can access the 
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specified data set upon Privacy Preference matching" where in order to apply the referenced 
"Privacy Preference Rule" to the "Access List," the "Privacy Preference Rule" must be "parsed." 

22. Bohrer teaches "The method of claim 21, further comprising locating or accessing the 
privacy preferences or restriction preferences using a link" see Fig. 1 where, see par. 32, 
"Similarly, a Data Requester 105 can use a web browser 106 or some other computer programs 
107 to send requests for data 109 as well as receive replies 1 10 to that request along with any 
returned data." 



Response to Arguments 

As per Applicant's argument that Kohane does not teach "defining the content object to 
include the unrestricted portion of the object content in a mark-up language and a link to the 
restricted or personal information,'" the Examiner respectively disagrees. In order to clarify the 
previous rejection, the Examiner has cited Figs. 3-4, par. 37, "A record is an integrated collection 
of information concerning a particular individual or entity. That particular individual (or entity) 
is the record owner. The creator of the record, hereafter called the record author, can be the 
record owner," pars. 40, "the information about the record owner in the record is embodied in 
record objects," par. 67, "The Data section 68 can contain zero or more record objects, denoted 
by '(Record-object*)' and includes two attributes, 'type' and 'URL.' In one embodiment, the 
data section 68 either includes the record data internally or references an external location from 
which the data can be obtained," and par. 103, "For example, the record owner can place 
personal identification information within one record object," where the claimed "content object" 
is the referenced "record," the claimed "unrestricted portion" is the referenced internal "record 
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data," the claimed "link" is the referenced reference to "an external location," and the claimed 
"restricted information" is the referenced "information about the record owner." 

As shown in Figs. 3-4 and described in at least the cited paragraphs, Kohane's "records" 
include internal data and/or links (URL's) to "record-objects." An author/owner's personal 
information is stored in one or more record-objects linked to the record. The internal data, data 
objects with full privileges granted to all roles, and/or all information in the record other than the 
record-objects is "unrestricted." Thus, Kohane teaches a mark-up language content object that 
includes an unrestricted portion of content and a link to the restricted/personal information. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Aaron Sanders whose telephone number is 571-270-1016. The 
examiner can normally be reached on M-F 9:00a-4:00p. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Tim Vo can be reached on 571-272-3642. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
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